version 1.84, 2019/04/02 12:46:56 |
version 1.85, 2019/05/27 22:55:19 |
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!doctype html> |
<html> |
<html lang=en id=errata> |
<head> |
<meta charset=utf-8> |
|
|
<title>OpenBSD 2.3 Errata</title> |
<title>OpenBSD 2.3 Errata</title> |
<meta name="description" content="the OpenBSD CD errata page"> |
<meta name="description" content="the OpenBSD CD errata page"> |
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> |
|
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="canonical" href="https://www.openbsd.org/errata23.html"> |
<link rel="canonical" href="https://www.openbsd.org/errata23.html"> |
</head> |
|
|
|
<!-- |
<!-- |
IMPORTANT REMINDER |
IMPORTANT REMINDER |
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE |
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE |
--> |
--> |
|
|
<body bgcolor="#ffffff" text="#000000" link="#23238E"> |
|
|
|
<h2> |
<h2 id=OpenBSD> |
<a href="index.html"> |
<a href="index.html"> |
<font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a> |
<i>Open</i><b>BSD</b></a> |
<font color="#e00000">2.3 Errata</font> |
2.3 Errata |
</h2> |
</h2> |
<hr> |
<hr> |
|
|
|
|
|
|
<ul> |
<ul> |
<li id="bootpd"> |
<li id="bootpd"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
by default, but some people may actually be using it. |
by default, but some people may actually be using it. |
|
|
This is the second version of the patch. |
This is the second version of the patch. |
<p> |
<p> |
<li id="tcpfix"> |
<li id="tcpfix"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A remote machine lockup problem exists in the TCP decoding code. |
A remote machine lockup problem exists in the TCP decoding code. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="atapi"> |
<li id="atapi"> |
<font color="#009000"><strong>HARDWARE SUPPORT</strong></font> |
<strong>HARDWARE SUPPORT</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Some ATAPI cdroms which do not support the full mandatory command set, |
Some ATAPI cdroms which do not support the full mandatory command set, |
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. |
(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. |
|
|
available here.</a> |
available here.</a> |
<p> |
<p> |
<li id="chpass"> |
<li id="chpass"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Chpass(1) has a file descriptor leak which allows an |
Chpass(1) has a file descriptor leak which allows an |
attacker to modify /etc/master.passwd. |
attacker to modify /etc/master.passwd. |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="resid"> |
<li id="resid"> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font> |
<strong>RELIABILITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a |
Calling readv(2) with iov_len < 0 or > INT_MAX would result in a |
kernel panic. This is the third revision of this patch. |
kernel panic. This is the third revision of this patch. |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="inetd"> |
<li id="inetd"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Inetd had a file descriptor leak. A patch is |
Inetd had a file descriptor leak. A patch is |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch"> |
available here.</a> |
available here.</a> |
<p> |
<p> |
<li id="unionfs"> |
<li id="unionfs"> |
<font color="#009000"><strong>BUG FIX</strong></font> |
<strong>BUG FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
As shipped, unionfs had some serious problems. |
As shipped, unionfs had some serious problems. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch"> |
A patch is available to solve this</a>. |
A patch is available to solve this</a>. |
<p> |
<p> |
<li id="fdalloc"> |
<li id="fdalloc"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Some non-allocated file descriptors have implied uses according to |
Some non-allocated file descriptors have implied uses according to |
system libraries, and hence setuid and setgid processes should not |
system libraries, and hence setuid and setgid processes should not |
|
|
available here.</a> |
available here.</a> |
<p> |
<p> |
<li id="resolver"> |
<li id="resolver"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A benign looking buffer overflow in the resolver routines was re-introduced |
A benign looking buffer overflow in the resolver routines was re-introduced |
accidentally. The previously fixed behaviour is more correct. A patch |
accidentally. The previously fixed behaviour is more correct. A patch |
|
|
available here.</a> |
available here.</a> |
<p> |
<p> |
<li id="xlib"> |
<li id="xlib"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Vulnerabilities have been found in the X11, Xt, Xaw and Xmu |
Vulnerabilities have been found in the X11, Xt, Xaw and Xmu |
libraries. These affect xterm and all other setuid-root programs that |
libraries. These affect xterm and all other setuid-root programs that |
|
|
OpenBSD 2.3 X11 tree, is available now. |
OpenBSD 2.3 X11 tree, is available now. |
<p> |
<p> |
<li id="kill"> |
<li id="kill"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The kill(2) system call previously would permit a large set of signals to |
The kill(2) system call previously would permit a large set of signals to |
be delivered to setuid or setgid processes. If such processes were using |
be delivered to setuid or setgid processes. If such processes were using |
|
|
available.</a> |
available.</a> |
<p> |
<p> |
<li id="immutable"> |
<li id="immutable"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A possible new security problem exists if you rely on securelevels and |
A possible new security problem exists if you rely on securelevels and |
immutable or append-only files or character devices. The fix does not |
immutable or append-only files or character devices. The fix does not |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="ipsec"> |
<li id="ipsec"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
If IPSEC communication is attempted by starting photurisd(8) (which is |
If IPSEC communication is attempted by starting photurisd(8) (which is |
disabled by default), a system crash may be evoked from remote if |
disabled by default), a system crash may be evoked from remote if |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="xterm-xaw"> |
<li id="xterm-xaw"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
As stated in CERT advisory VB-98.04, there are buffer |
As stated in CERT advisory VB-98.04, there are buffer |
overrun problems in <strong>xterm</strong> related to the input-Method, |
overrun problems in <b>xterm</b> related to the input-Method, |
preeditType, and *Keymap resources. Additional buffer overruns exist in |
preeditType, and *Keymap resources. Additional buffer overruns exist in |
the <strong>Xaw</strong> library related to the inputMethod and |
the <b>Xaw</b> library related to the inputMethod and |
preeditType resources. The xterm(1) problem represents a security |
preeditType resources. The xterm(1) problem represents a security |
vulnerability for any platform where xterm is installed setuid-root |
vulnerability for any platform where xterm is installed setuid-root |
(as is the case for all OpenBSD platforms). The Xaw problem represents |
(as is the case for all OpenBSD platforms). The Xaw problem represents |
|
|
We provide a version of this patch file specifically for the OpenBSD 2.3 tree</a>. |
We provide a version of this patch file specifically for the OpenBSD 2.3 tree</a>. |
We also provide tar files which replace the xterm(1) binary and the libXaw |
We also provide tar files which replace the xterm(1) binary and the libXaw |
libraries on your system. These are expected to be extracted in |
libraries on your system. These are expected to be extracted in |
<strong>/usr/X11R6</strong> using the command |
<b>/usr/X11R6</b> using the command |
<strong>"tar xvfpz Xawfix.tgz"</strong>. |
<b>"tar xvfpz Xawfix.tgz"</b>. |
The files are... |
The files are... |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/Xawfix.tgz">i386</a>, |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/Xawfix.tgz">i386</a>, |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/alpha/Xawfix.tgz">alpha</a>, |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/alpha/Xawfix.tgz">alpha</a>, |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/arc/Xawfix.tgz">arc</a>. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/arc/Xawfix.tgz">arc</a>. |
<p> |
<p> |
<li id="pctr"> |
<li id="pctr"> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
<strong>RELIABILITY FIX</strong><br> |
The pctr(4) driver has bugs that permit any user to crash the machine, |
The pctr(4) driver has bugs that permit any user to crash the machine, |
if the CPU is not an Intel CPU. This problem has been properly fixed |
if the CPU is not an Intel CPU. This problem has been properly fixed |
since, but fixes are hard to apply to the 2.2 or 2.3 releases. To avoid |
since, but fixes are hard to apply to the 2.2 or 2.3 releases. To avoid |
the problem, recompile your kernel without the pctr(4) device driver. |
the problem, recompile your kernel without the pctr(4) device driver. |
<p> |
<p> |
<li><font color="#009000"><strong>CORRUPTED FILE</strong></font><br> |
<li><strong>CORRUPTED FILE</strong><br> |
The CD version of the precompiled ghostscript package is corrupted and |
The CD version of the precompiled ghostscript package is corrupted and |
not installable. The correct file can be retrieved by FTP from: |
not installable. The correct file can be retrieved by FTP from: |
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz"> |
|
|
</ul> |
</ul> |
<p> |
<p> |
<li id="pcvt"> |
<li id="pcvt"> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
<strong>RELIABILITY FIX</strong><br> |
The pcvt(4) console driver has a bug that can cause some keyboard |
The pcvt(4) console driver has a bug that can cause some keyboard |
controllers to lock up when a key is pressed that toggles the status |
controllers to lock up when a key is pressed that toggles the status |
of a keyboard LED (scroll lock, caps lock, etc). The problem is |
of a keyboard LED (scroll lock, caps lock, etc). The problem is |
|
|
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/pcvt.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/pcvt.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li><font color="#009000"><strong>RELIABILITY FIX</strong></font><br> |
<li><strong>RELIABILITY FIX</strong><br> |
The 2.3 release does not run reliably on the sun4m LX/LC machines |
The 2.3 release does not run reliably on the sun4m LX/LC machines |
(ie. Sparc Classic). |
(ie. Sparc Classic). |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/iommureg.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/iommureg.patch"> |
|
|
Other replacements for the 2.3 install tools are |
Other replacements for the 2.3 install tools are |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc">also available</a>. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc">also available</a>. |
<p> |
<p> |
<li><font color="#009000"><strong>MINOR INCOMPATIBILITY</strong></font><br> |
<li><strong>MINOR INCOMPATIBILITY</strong><br> |
The AmigaOS patch |
The AmigaOS patch |
<a href="http://us.aminet.net/pub/aminet/util/sys/PoolMem.lha">PoolMem</a> |
<a href="http://us.aminet.net/pub/aminet/util/sys/PoolMem.lha">PoolMem</a> |
improves AmigaOS memory handling tremendously, but confuses loadbsd, which |
improves AmigaOS memory handling tremendously, but confuses loadbsd, which |
|
|
right before running loadbsd. The next release of loadbsd will probably be |
right before running loadbsd. The next release of loadbsd will probably be |
PoolMem-aware. |
PoolMem-aware. |
<p> |
<p> |
<li><font color="#009000"><strong>RELEASE WARNING</strong></font><br> |
<li><strong>RELEASE WARNING</strong><br> |
The XFree86 binary set shipped on the CD and FTP site are not the |
The XFree86 binary set shipped on the CD and FTP site are not the |
exact final set that we shipped for the other releases. A few minor |
exact final set that we shipped for the other releases. A few minor |
changes, mostly in <strong>xdm(1)</strong> configuration, were made |
changes, mostly in <b>xdm(1)</b> configuration, were made |
after those binaries were made. Patches for this might come out later. |
after those binaries were made. Patches for this might come out later. |
<p> |
<p> |
<li><font color="#009000"><strong>X11 RELEASE ERROR</strong></font><br> |
<li><strong>X11 RELEASE ERROR</strong><br> |
The XFree86 binary set was linked with an older version of the C |
The XFree86 binary set was linked with an older version of the C |
library. To work around the problem, do the following as root. |
library. To work around the problem, do the following as root. |
<p> |
<p> |
|
|
ln -s libc.so.18.0 libc.so.17 |
ln -s libc.so.18.0 libc.so.17 |
</pre> |
</pre> |
<p> |
<p> |
<li><font color="#009000"><strong>X11 RELEASE ERROR</strong></font><br> |
<li><strong>X11 RELEASE ERROR</strong><br> |
The X11R5 server used in this port does not understand the default |
The X11R5 server used in this port does not understand the default |
authorization types used by the X11R6 clients, which results in no |
authorization types used by the X11R6 clients, which results in no |
clients being able to connect to the server. To fix this |
clients being able to connect to the server. To fix this |
|
|
DisplayManager._0.authName: MIT-MAGIC-COOKIE-1 |
DisplayManager._0.authName: MIT-MAGIC-COOKIE-1 |
</pre> |
</pre> |
<p> |
<p> |
<li><font color="#009000"><strong>INSTALLATION PROCESS FLAW</strong></font><br> |
<li><strong>INSTALLATION PROCESS FLAW</strong><br> |
The pmax install does not correctly install the boot block. |
The pmax install does not correctly install the boot block. |
To work around the problem, after the install program has finished, do |
To work around the problem, after the install program has finished, do |
the following (assuming scsi id 0): |
the following (assuming scsi id 0): |
|
|
disklabel -R -B rz0 /tmp/label |
disklabel -R -B rz0 /tmp/label |
</pre> |
</pre> |
<p> |
<p> |
<li><font color="#009000"><strong>RELEASE WARNING</strong></font><br> |
<li><strong>RELEASE WARNING</strong><br> |
The XFree86 binary set shipped on the CD and FTP site are not the |
The XFree86 binary set shipped on the CD and FTP site are not the |
exact final set that we shipped for the other releases. A few minor |
exact final set that we shipped for the other releases. A few minor |
changes, mostly in <strong>xdm(1)</strong> configuration, were made |
changes, mostly in <b>xdm(1)</b> configuration, were made |
after those binaries were made. Patches for this might come out later. |
after those binaries were made. Patches for this might come out later. |
<p> |
<p> |
<li><font color="#009000"><strong>X11 RELEASE ERROR</strong></font><br> |
<li><strong>X11 RELEASE ERROR</strong><br> |
The XFree86 binary set was linked with an older version of the C |
The XFree86 binary set was linked with an older version of the C |
library. To work around the problem, do the following as root. |
library. To work around the problem, do the following as root. |
<p> |
<p> |
|
|
ln -s libc.so.18.0 libc.so.17 |
ln -s libc.so.18.0 libc.so.17 |
</pre> |
</pre> |
<p> |
<p> |
<li><font color="#009000"><strong>RELEASE WARNING</strong></font><br> |
<li><strong>RELEASE WARNING</strong><br> |
When you start the install an upgrade option is advertised but |
When you start the install an upgrade option is advertised but |
there really is no such option. |
there really is no such option. |
<p> |
<p> |
<li><font color="#009000"><strong>RELEASE WARNING</strong></font><br> |
<li><strong>RELEASE WARNING</strong><br> |
When you start the install an upgrade option is advertised but |
When you start the install an upgrade option is advertised but |
there really is no such option. |
there really is no such option. |
<p> |
<p> |
<li><font color="#009000"><strong>RELEASE WARNING</strong></font><br> |
<li><strong>RELEASE WARNING</strong><br> |
Unlabeled disks with weird geometries can panic the kernel. |
Unlabeled disks with weird geometries can panic the kernel. |
A fix will be made available when 2.3 is out. |
A fix will be made available when 2.3 is out. |
<p> |
<p> |
<li><font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<li><strong>SECURITY FIX</strong><br> |
The powerpc release shipped on the OpenBSD 2.3 CD does not contain |
The powerpc release shipped on the OpenBSD 2.3 CD does not contain |
two late fixes applied late in the release cycle. The |
two late fixes applied late in the release cycle. The |
<a href="errata22.html#rmjob">rmjob</a> and |
<a href="errata22.html#rmjob">rmjob</a> and |
|
|
</ul> |
</ul> |
|
|
<hr> |
<hr> |
|
|
</body> |
|
</html> |
|